ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-231) There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security.
Date Wed, 05 Sep 2012 14:08:07 GMT

    [ https://issues.apache.org/jira/browse/WSS-231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448760#comment-13448760
] 

Colm O hEigeartaigh commented on WSS-231:
-----------------------------------------


This is now fixed for 1.6.8 (probably released at the end of this month). To get it to work
you must have the actions as "Signature Timestamp". There is a workaround that detects this
case (and if the Timestamp is to be signed) to append the Signature Element after the Timestamp
instead. It does not work for the "Timestamp Signature" case - that still prepends the Signature
to the security header.

Colm.
                
> There is an issue with the position of the <Timestamp> element in the <Security>
header when using  WSS4J calling .NET Web Services with WS-Security.  
> -------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-231
>                 URL: https://issues.apache.org/jira/browse/WSS-231
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>         Environment: Windows, Solaris
>            Reporter: Chris Weitner
>            Assignee: Colm O hEigeartaigh
>              Labels: timestamp, ws-security
>             Fix For: 1.6.8
>
>         Attachments: patch.txt
>
>
> There is an issue with the position of the <Timestamp> element in the <Security>
header when using  WSS4J calling .NET Web Services with WS-Security.  When using the "Timestamp
Signature" action over https, we are receiving the following error: "Signing without primary
signature requires timestamp".   When I modified org.apache.ws.security.message.WSSecSignature
to position <Timestamp> as the first element in <Security> it worked fine (by
default <Timestamp> is the last element and after the <Signature>).  Can this
be fixed or can you make Timestamp positioned first as a configuration option?
> <soapenv:Header>
>   <wsse:Security>
>  
>     <wsu:Timestamp>
>       <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
>       <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
>     </wsu:Timestamp>
>  
>     <wsse:BinarySecurityToken</wsse:BinarySecurityToken>
>  
>     <ds:Signature>
>        ....
>     </ds:Signature>
>   </wsse:Security>
> </soapenv:Header>

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message